<?php
/**
 * DouPHP
 * --------------------------------------------------------------------------------------------------
 * 版权所有 2013-2015 漳州豆壳网络科技有限公司，并保留所有权利。
 * 网站地址: http://www.douco.com
 * --------------------------------------------------------------------------------------------------
 * 这不是一个自由软件！您只能在遵守授权协议前提下对程序代码进行修改和使用；不允许对程序代码以任何形式任何目的的再发布。
 * 授权协议：http://www.douco.com/license.html
 * --------------------------------------------------------------------------------------------------
 * Author: DouCo
 * Release Date: 2015-10-16
 */
define('IN_DOUCO', true);

require (dirname(__FILE__) . '/include/init.php');

// rec操作项的初始化
$rec = $check->is_rec($_REQUEST['rec']) ? $_REQUEST['rec'] : 'default';

$smarty->assign('rec', $rec);
$smarty->assign('cur', 'user');
$smarty->assign('ur_here', $_LANG['user']);
$smarty->assign('userlist_link', array ('text' => $_LANG['user_list'],'href' => 'user.php')); 
$smarty->assign('userapply_link', array ('text' => $_LANG['user_apply'],'href' => 'user.php?rec=apply')); 
$smarty->assign('useradd_link', array ('text' => $_LANG['user_add'],'href' => 'user.php?rec=add')); 
/**
 * +----------------------------------------------------------
 * 会员列表
 * +----------------------------------------------------------
 */
if ($rec == 'default') {
    $smarty->assign('ur_here', $_LANG['user']);

    $user_name = i('user_name','','request');
    $mobile    = i('mobile','','request');
    if($user_name) $where .= " AND user_name LIKE '%$user_name%' ";
    if($mobile)    $where .= " AND mobile LIKE '%$mobile%' ";
    
    $sql = "SELECT * FROM " . $dou->table('user') . " WHERE 1 $where ORDER BY user_id ASC";
    $query = $dou->query($sql);
    while ($row = $dou->fetch_array($query)) {
        $add_time = date("Y-m-d", $row['add_time']);
        $last_login = date("Y-m-d H:i:s", $row['last_login']);

        $user_list[$row['user_id']] = $row;
        $user_list[$row['user_id']]['add_time']   = $add_time;
        $user_list[$row['user_id']]['last_login'] = $last_login;
    }
    
    // 赋值给模板
    $smarty->assign('user_list', $user_list);
    $smarty->display('user.htm');
} 

/**
 * +----------------------------------------------------------
 * 会员添加处理
 * +----------------------------------------------------------
 */
elseif ($rec == 'add') {
    if ($_USER['action_list'] != 'ALL') {
        $dou->dou_msg($_LANG['without'], 'user.php');
    }
    $user_info['mobile'] = i('mobile','','request');
    $user_info['email']  = i('email','','request');
    
    // CSRF防御令牌生成
    $smarty->assign('user_info', $user_info);
    $smarty->assign('token', $firewall->get_token());
    $smarty->display('user.htm');
} 

elseif ($rec == 'insert') {
    if ($_USER['action_list'] != 'ALL') {
        $dou->dou_msg($_LANG['without'], 'user.php');
    }
    
    // 验证用户名
    if (!$check->is_username($_POST['user_name']))
        $dou->dou_msg($_LANG['user_username_cue']);
    //验证手机/用户名是否存在
    $sql = "SELECT * FROM " . $dou->table('user') . " WHERE user_name='$_POST[user_name]' OR mobile='$_POST[mobile]' LIMIT 1";
    $user_info = $dou->get_row($sql);
    if($user_info) $dou->dou_msg($_LANG['user_or_mobile_cue']);
        
    // 验证密码
    if (!$check->is_password($_POST['password']))
        $dou->dou_msg($_LANG['user_password_cue']);
        
    // 验证确认密码
    if ($_POST['password_confirm'] !== $_POST['password'])
        $dou->dou_msg($_LANG['user_password_confirm_cue']);
    
    $password = md5($_POST['password']);
    $add_time = time();
    
    // CSRF防御令牌验证
    $firewall->check_token($_POST['token']);
    $usertoken = uniqid(mt_rand('10000','99999'));
    
    $sql = "INSERT INTO " . $dou->table('user') . " (user_id, user_type, usertoken, user_name, nick_name, sex, email, mobile, level, balance, password, action_list, add_time, invoice_title)" . " VALUES (NULL, '$_POST[user_type]', '{$usertoken}', '$_POST[user_name]', '$_POST[nick_name]', '$_POST[sex]', '$_POST[email]', '$_POST[mobile]', '$_POST[level]', '$_POST[add_balance]', '$password', 'ADMIN', '$add_time', '$_POST[invoice_title]')";
    $dou->query($sql);
    //操作记录
    $log_msg = $_LANG['user_add'].': '.$_POST['user_name'];
    if($_POST[add_balance] != 0) $log_msg .= ','.$_LANG['add_balance'].':'.$_POST[add_balance];
    $dou->create_admin_log($log_msg);

    $dou->dou_msg($_LANG['user_add_succes'], 'user.php');
} 

/**
 * +----------------------------------------------------------
 * 会员编辑
 * +----------------------------------------------------------
 */
elseif ($rec == 'edit') {
    $smarty->assign('ur_here', $_LANG['user']);
    $smarty->assign('action_link', array ('text' => $_LANG['user_list'],'href' => 'user.php' ));
    
    // 验证并获取合法的ID
    $id = $check->is_number($_REQUEST['id']) ? $_REQUEST['id'] : '';
    
    $query = $dou->select($dou->table('user'), '*', '`user_id` = \'' . $id . '\'');
    $user_info = $dou->fetch_array($query);
    
    if ($_USER['action_list'] != 'ALL' && $user_info['user_name'] != $_USER['user_name']) {
        $dou->dou_msg($_LANG['without'], 'user.php');
    }
    
    // 超级会员修改普通会员信息无需旧密码
    if ($_USER['action_list'] == 'ALL' && $user_info['user_name'] != $_USER['user_name']) {
        $if_check = false;
    } else {
        $if_check = true;
    }
    
    // CSRF防御令牌生成
    $smarty->assign('token', $firewall->get_token());
    
    $smarty->assign('if_check', $if_check);
    $smarty->assign('user_info', $user_info);
    
    $smarty->display('user.htm');
} 

elseif ($rec == 'update') {
    $query = $dou->select($dou->table('user'), '*', '`user_id` = \'' . $_POST['id'] . '\'');
    $user_info = $dou->fetch_array($query);
    
    // 判断会员账号是否符合规范
    if (!$check->is_username($_POST['user_name'])) {
        $dou->dou_msg($_LANG['user_username_cue']);
    }
    
    // 超级会员修改普通会员信息无需旧密码
    if (!($_USER['action_list'] == 'ALL' && $user_info['user_name'] != $_USER['user_name'])) {
        if (!$_POST['old_password']) {
            $dou->dou_msg($_LANG['user_old_password_cue']);
        } elseif (md5($_POST['old_password']) != $user_info['password']) {
            $dou->create_admin_log($_LANG['user_edit'] . ': ' . $_POST['user_name'] . " ( " . $_LANG['user_old_password_cue'] . " )");
            $dou->dou_msg($_LANG['user_old_password_cue']);
        }
    }
    
    // 如果有输入新密码，则验证新密码
    if ($_POST['password']) {
        if (!$check->is_password($_POST['password'])) {
            $dou->dou_msg($_LANG['user_password_cue']);
        } elseif ($_POST['password_confirm'] != $_POST['password']) {
            $dou->dou_msg($_LANG['user_password_confirm_cue']);
        }
        
        $update_password = ", password = '" . md5($_POST['password']) . "'";
    }
    
    // CSRF防御令牌验证
    $firewall->check_token($_POST['token']);
    
    $sql = "UPDATE " . $dou->table('user') . " SET user_type = '$_POST[user_type]', user_name = '$_POST[user_name]', nick_name = '$_POST[nick_name]', sex = '$_POST[sex]',  email = '$_POST[email]', mobile = '$_POST[mobile]', level = '$_POST[level]', balance = balance+'$_POST[add_balance]' " . $update_password . ", invoice_title='$_POST[invoice_title]' WHERE user_id = '$_POST[id]'";
    $dou->query($sql);
    //操作记录
    $log_msg = $_LANG['user_edit'].': '.$_POST['user_name'];
    if($_POST[add_balance] != 0) $log_msg .= ','.$_LANG['add_balance'].':'.$_POST[add_balance];
    $dou->create_admin_log($log_msg);

    $dou->dou_msg($_LANG['user_edit_succes'], 'user.php');
} 

/**
 * +----------------------------------------------------------
 * 会员删除
 * +----------------------------------------------------------
 */
elseif ($rec == 'del') {
    if ($_USER['action_list'] != 'ALL') {
        $dou->dou_msg($_LANG['without'], 'user.php');
    }
    
    // 验证并获取合法的ID
    $user_id = $check->is_number($_REQUEST['id']) ? $_REQUEST['id'] : $dou->dou_msg($_LANG['illegal'], 'user.php');
    
    $user_name = $dou->get_one("SELECT user_name FROM " . $dou->table('user') . " WHERE user_id = '$user_id'");
    
    if ($user_name == $_USER['user_name'] || ($_USER['action_list'] != 'ALL' && $user_info['user_name'] != $_USER['user_name'])) {
        $dou->dou_msg($_LANG['user_del_wrong'], 'user.php', '', '3');
    } else {
        if (isset($_POST['confirm']) ? $_POST['confirm'] : '') {
            $dou->create_admin_log($_LANG['user_del'] . ': ' . $user_name);
            $dou->delete($dou->table('user'), "user_id = $user_id", 'user.php');
        } else {
            $_LANG['del_check'] = preg_replace('/d%/Ums', $user_name, $_LANG['del_check']);
            $dou->dou_msg($_LANG['del_check'], 'user.php', '', '30', "user.php?rec=del&id=$user_id");
        }
    }
} 

/**
 * +----------------------------------------------------------
 * 查看收货地址
 * +----------------------------------------------------------
 */
elseif ($rec == 'user_address') {
    $smarty->assign('ur_here', $_LANG['address']);

    $smarty->assign('cur', 'user_address');
    $user_id = empty($_REQUEST['id']) ? 0 : $_REQUEST['id'];
    
    // 验证并获取合法的分页ID
    $page = $check->is_number($_REQUEST['page']) ? $_REQUEST['page'] : 1;
    $limit = $dou->pager('user_address', 15, $page, 'user.php?rec=user_address');
    
    $sql = "SELECT * FROM " . $dou->table('user_address') . " WHERE user_id='$user_id' ORDER BY id DESC" . $limit;
    $query = $dou->query($sql);
    while ($row = $dou->fetch_array($query)) {
        $create_time = date("Y-m-d H:i:s", $row['create_time']);
        $user_name = $dou->get_one("SELECT user_name FROM " . $dou->table('user') . " WHERE user_id = " . $row['user_id']);

        $address_list[$row[id]] = $row;
        $address_list[$row[id]]['create_time']  = $create_time;
        $address_list[$row[id]]['user_name']    = $user_name;
        $address_list[$row[id]]['address_info'] = get_region_info($row[province], $row[city], $row[area]);
    }

    // 赋值给模板
    $smarty->assign('address_list', $address_list);
    $smarty->display('user.htm');
}



/**
 * +----------------------------------------------------------
 * 查看申请会员
 * +----------------------------------------------------------
 */
elseif ($rec == 'apply') {
    $sql = "SELECT * FROM " . $dou->table('user_apply') . " WHERE 1 ORDER BY create_time DESC";
    // 分页
    $page = $check->is_number($_REQUEST['page']) ? $_REQUEST['page'] : 1;
    $page_url = 'user.php?rec=apply';
    $limit = $dou->pager_bysql($sql, 15, $page, $page_url);
    $apply = $dou->get_all($sql.$limit);
    // 赋值给模板
    $smarty->assign('apply_list', $apply);
    $smarty->display('user.htm');
}
elseif ($rec == 'update_apply_state'){
    $sql = $dou->update_sql($dou->table('user_apply'), array('state'=>'1'), "id='$_REQUEST[id]'");
    $dou->query($sql);
    $dou->dou_header($_SERVER['HTTP_REFERER']);
}



?>